Rights Groups Seek E-Vote System Source Code Access

Civil rights advocates and computer experts are urging all counties planning to use touch-screen, or "direct recording electronic," voting systems to immediately implement security precautions, including independent expert access to the system

Civil rights advocates and computer experts today urged all counties planning to use DRE (direct recording electronic), or touch-screen, voting systems to immediately implement security precautions, including independent expert access to the systems source code.
The Leadership Conference on Civil Rights and the Brennan Center for Justice at NYU School of Law issued a set of minimum essential security steps recommended by Eric Lazarus and a team of IT security experts, including Howard Schmidt, former cyber-security advisor to the White House.

Following extensive reports of alleged flaws in DRE systems made by Diebold Inc., many civil rights advocates became concerned about security breaches, malfunctions and the overall integrity of the 2004 elections. The recommendations issued today are targeted at the 675 counties that have bought DRE systems, which accounts for approximately 30 percent of the nations registered voters.

The foremost recommendation to the counties is to hire independent security teams to analyze the potential for operational failure and malicious attacks. The teams must not have any business relationship with the DRE system vendor, and they must be given full access to the source code of the system itself and back-end systems. Vendors have opposed such access on the grounds that the code could fall into the wrong hands.
For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.
The organizations, whose study included a review of the arguments for and against DRE systems, recommended that counties establish permanent independent panels of computer experts and citizens groups to monitor the security actions taken and conduct a post-election assessment. The organizations cautioned that the recommendations do not constitute an endorsement of DRE systems and that a complete analysis of the benefits and potential problems is necessary.

Election officials should also ensure that all personnel are trained in security procedures; develop a process of random parallel testing to detect malicious code or bugs; and prepare a standard method of responding to alleged or actual security incidents. Such a standardized procedure would help protect evidence for ensuing investigation and potential prosecution.
The recommendations won the support of numerous civil rights and privacy advocates, including the Electronic Frontier Foundation, the Electronic Privacy Information Center, the National Committee for Voting Integrity and the National Association for the Advancement of Colored People.
Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.